Hi Pat
Thanks for the notice. Looks like there were some bounds checking from older
16bit days :)
Find appended a patch which solves the problem.
Many thanks
- Peter
On 10/12/10 5:21 PM, Cazzaniga Patrizio wrote:
> Hi all,
> I'm trying to use Nfdump to collect netflow data from Cisco N7K.
> All seems to work fine, except for filtering using ifindex, because this kind
> of equipments use 32-bit SNMP interface index.
>
> If I run a simple query to get ifindex value I'm able to see correct value
> (437440512 for example):
> nfdump -M /home/adminnt/nfsen/profiles-data/live/SWINXASSFE1 -T -R
> 2010/12/10/nfcapd.201012101025:2010/12/10/nfcapd.201012101050 -n 10 -s
> record/bps -o 'fmt:%ts %sa %da %in %out'
> Aggregated flows 57181
> Top 10 flows ordered by bps:
> Date flow start Src IP Addr Dst IP Addr Input Output
> 2010-10-29 09:43:24.627 10.131.83.65 10.129.49.246 437440512 0
> 2010-10-29 09:43:24.585 10.130.27.7 10.129.231.5 437440512 0
> 2010-10-29 09:43:24.744 10.141.132.87 10.129.49.242 437440512 0
> 2010-10-29 09:43:24.739 10.131.114.217 10.129.49.244 437440512 0
> 2010-10-29 09:43:24.762 10.142.0.94 10.129.21.113 437440512 0
> 2010-10-29 09:43:24.678 10.131.213.45 10.129.232.78 437440512 0
> 2010-10-29 09:43:24.983 10.129.52.123 10.129.28.109 151061230 437440512
> 2010-10-29 09:43:24.705 10.129.27.247 10.129.52.110 437440512 0
> 2010-10-29 09:43:25.063 10.129.53.109 10.136.62.231 151061245 437440512
> 2010-10-29 09:43:25.034 10.129.236.24 10.130.216.79 151061212 437440512
>
> Summary: total flows: 618764, total bytes: 28.9 G, total packets: 28.9 T, avg
> bps: 219.4 G, avg pps: 27.4 T, avg bpp: 0
> Time window: 2010-10-29 09:43:24 - 2010-10-29 09:43:25
> Total flows processed: 618764, Blocks skipped: 0, Bytes read: 32176376
> Sys: 0.508s flows/second: 1217965.0 Wall: 0.502s flows/second: 1231013.5
>
> But if I try to use this index in a filter I get an error:
> nfdump -M /home/adminnt/nfsen/profiles-data/live/SWINXASSFE1 -T -R
> 2010/12/10/nfcapd.201012101025:2010/12/10/nfcapd.201012101050 -n 10 -s
> record/bps -o extended 'in if 437440512 or out if 437440512'
> Line 1: Input interface number must be 0..65535 at '437440512'
>
> Any feedback greatly appreciated.
>
> Pat
>
>
> eni spa
> Sede Legale
> Piazzale Enrico Mattei, 1
> 00144 Roma - Italia
>
> Capitale sociale
> euro 4.005.358.876,00 i.v.
> Codice Fiscale e Registro Imprese di Roma n. 00484960588
> Partita IVA n. 00905811006
> R.E.A. Roma n. 756453
>
> Sedi secondarie:
> Via Emilia, 1 e Piazza Ezio Vanoni, 1
> 20097 San Donato Milanese (Milano) - Italia
>
> eni.com<http://www.eni.com>
>
> ________________________________
> Message for the recipient only, if received in error, please notify the
> sender and read http://www.eni.com/disclaimer/
>
>
>
>
> ------------------------------------------------------------------------------
> Oracle to DB2 Conversion Guide: Learn learn about native support for PL/SQL,
> new data types, scalar functions, improved concurrency, built-in packages,
> OCI, SQL*Plus, data movement tools, best practices and more.
> http://p.sf.net/sfu/oracle-sfdev2dev
>
>
>
> _______________________________________________
> Nfdump-discuss mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
--
Be nice to your netflow data. Use NfSen and nfdump :)
--- grammar.y.orig 2010-12-13 18:56:49.000000000 +0100
+++ grammar.y 2010-12-13 18:58:38.000000000 +0100
@@ -565,6 +565,10 @@
RB_INIT(root);
RB_FOREACH(node, ULongtree, (ULongtree_t *)$5) {
+ if ( node->value > 65535 ) {
+ yyerror("Port outside of range
0..65535");
+ YYABORT;
+ }
if ((n = malloc(sizeof(struct ULongListNode)))
== NULL) {
yyerror("malloc() error");
YYABORT;
@@ -670,7 +674,7 @@
| dqual AS comp NUMBER {
$$.direction = $1.direction;
- if ( $4 > 0x7FFFFFFF || $4 < 0 ) {
+ if ( $4 > 0xfFFFFFFF || $4 < 0 ) {
yyerror("AS number of range");
YYABORT;
}
@@ -730,7 +734,10 @@
RB_INIT(root);
RB_FOREACH(node, ULongtree, (ULongtree_t *)$5) {
-
+ if ( node->value > 0xFFFFFFFFLL ) {
+ yyerror("AS number of range");
+ YYABORT;
+ }
if ((n = malloc(sizeof(struct ULongListNode)))
== NULL) {
yyerror("malloc() error");
YYABORT;
@@ -1026,7 +1033,7 @@
}
| dqual IF NUMBER {
- if ( $3 > 0x00000000ffffffffLL ) {
+ if ( $3 > 0xffffffffLL ) {
yyerror("Input interface number must 0..2^32");
YYABORT;
}
@@ -1563,10 +1570,6 @@
ullist: NUMBER {
struct ULongListNode *node;
- if ( $1 > 65535 ) {
- yyerror("Value outside of range 0..65535");
- YYABORT;
- }
ULongtree_t *root = malloc(sizeof(ULongtree_t));
if ( root == NULL) {
@@ -1587,10 +1590,6 @@
| ullist NUMBER {
struct ULongListNode *node;
- if ( $2 > 65535 ) {
- yyerror("Value outside of range 0..65535");
- YYABORT;
- }
if ((node = malloc(sizeof(struct ULongListNode))) == NULL) {
yyerror("malloc() error");
YYABORT;
------------------------------------------------------------------------------
Lotusphere 2011
Register now for Lotusphere 2011 and learn how
to connect the dots, take your collaborative environment
to the next level, and enter the era of Social Business.
http://p.sf.net/sfu/lotusphere-d2d
_______________________________________________
Nfdump-discuss mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/nfdump-discuss
